DNSSEC Readiness

Curtis Maurand cmaurand at xyonet.com
Tue Feb 16 13:54:29 CST 2010


I haven't run BIND in a number of years.

--Curtis

On 2/15/2010 2:06 PM, Charles N Wyble wrote:
> Tony Finch wrote:
>    
>> On Mon, 15 Feb 2010, Charles N Wyble wrote:
>>      
>>> How are folks verifying DNSSEC readiness of their environments? Any
>>> existing testing methodologies / resources that folks are using?
>>>        
>> Here's my summary of the situation (as of a couple of months ago) with
>> links to a few key resources: http://fanf.livejournal.com/104774.html
>>
>> Tony.
>>      
> Most interesting. Thanks.
>
> From https://www.dns-oarc.net/oarc/services/replysizetest
>
> charles at charles-laptop:~] dig +short rs.dns-oarc.net txt
> rst.x3827.rs.dns-oarc.net.
> rst.x3837.x3827.rs.dns-oarc.net.
> rst.x3843.x3837.x3827.rs.dns-oarc.net.
> "8.0.23.143 sent EDNS buffer size 4096"
> "8.0.23.143 DNS reply size limit is at least 3843"
> "Tested at 2010-02-15 19:03:47 UTC"
> charles at charles-laptop:~]
>
> I have a local BIND server I use for DNS. It's whatever Ubuntu 9.10
> installs with apt-get, and a Cisco 1841 as my edge router.
>
> I imagine that is a pretty standard setup in a lot of user sites (Linux
> with BIND and a Cisco router of some sort).
>
> Will do further investigation.
>
> --
> Charles N Wyble
> Linux Systems Engineer
> charles at knownelement.com (818)280-7059
> http://www.knownelement.com
> Unless agreed upon, assume everything in this e-mail might be blogged.




